CVE-2019-12700

MEDIUM

Cisco Firepower Threat Defense, Firepower Management Center, and FXOS - Authenticated DoS via PAM SSH Session Exhaustion

Title source: llm

Description

A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper resource management in the context of user session management. An attacker could exploit this vulnerability by connecting to an affected system and performing many simultaneous successful Secure Shell (SSH) logins. A successful exploit could allow the attacker to exhaust system resources and cause the device to reload, resulting in a DoS condition. To exploit this vulnerability, the attacker needs valid user credentials on the system.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ftd-fpmc-dos

Scores

CVSS v3 6.5

EPSS 0.0188

EPSS Percentile 76.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-400

Status published

Products (5)

cisco/firepower_9300_firmware r114

cisco/firepower_9300_firmware r241

cisco/firepower_extensible_operating_system < 2.2

cisco/firepower_threat_defense < 6.1.0

cisco/secure_firewall_management_center < 6.1.0

Published Oct 02, 2019

Tracked Since Feb 18, 2026